Monday, June 12, 2006

To establish user equivalence (SSH) between two servers

To establish user equivalence:

1. Create the directories for SSH:

mkdir ~/.ssh
chmod 700 ~/.ssh

2. Generate the user's public and private keys as the oracle user on all nodes in turn. Do not enter a passphrase when prompted, just press 'ENTER' 3 times to accept all defaults.

ssh-keygen -t dsa
ssh-keygen -t rsa

3. Create the authorized_keys file using both public keys for all nodes, copy the file to all nodes, and change the permissions (do this from one node only).

ssh salmon1 cat ~/.ssh/*.pub >> ~/.ssh/authorized_keys
ssh salmon2 cat
~/.ssh/*.pub >> ~/.ssh/authorized_keys
scp ~/.ssh/authorized_keys salmon1:.ssh/authorized_keys
scp ~/.ssh/authorized_keys salmon2:.ssh/authorized_keys
ssh salmon1 'chmod 600 ~/.ssh/authorized_keys'
ssh salmon2 'chmod 600 ~/.ssh/authorized_keys'

4. Visit each node in turn from every node (including itself). This ensure all nodes are added to each node's known_hosts file, and cluster operations can be run from any node in the cluster. This also serves to test the setup to ensure it is working.

[oracle@salmon1]$ ssh salmon1 'hostname ; date'
[oracle@salmon1]$ ssh salmon2 'hostname ; date'
[oracle@salmon2]$ ssh salmon1 'hostname ; date'
[oracle@salmon2]$ ssh salmon2 'hostname ; date'

Each of the above should return the date without prompting for a password.

No comments:

Post a Comment